Improper Access Control in Grandstream Networking Devices
CVE-2019-10657

6.5MEDIUM

Key Information:

Vendor
CVE Published:
30 March 2019

What is CVE-2019-10657?

Certain Grandstream networking devices, specifically the GWN7000 and GWN7610 models, are susceptible to a vulnerability that enables remote authenticated users to exploit configuration requests and discover sensitive passwords. This security flaw occurs prior to specific firmware updates, exposing devices to unauthorized access by leveraging the /ubus/uci.apply configuration endpoint.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.